How to handle multiple submissions server-side
Solution 1:
One really effective way is to submit a token along with the request, and keep a list of used tokens. If the token is not valid, or the token has already been processed, then abort.
The token can be as simple as an incrementing integer, stored in a hidden text field, or you can encrypt it to increase security. This feature can be made more robust by generating the token when the page is created, encrypting it, then confirming the token has been generated AND has not been processed.
Solution 2:
Include a random unique token in a hidden form field. Then on the backend, you can check if it's been submitted before.
This is a generally good idea because it helps you defend against XSS attacks as well.
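An added example (not code from either answer) of the check both solutions describe: a random token is placed in a hidden field when the page is rendered, then verified as server-issued and recorded as used on submit. It signs the token with an HMAC rather than encrypting it; the session binding, the in-memory store and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret; load it from configuration in real use.
SERVER_KEY = secrets.token_bytes(32)

# Assumption: in-memory store for the demo. Multiple workers need shared
# storage with an atomic "insert if absent" (e.g. a unique key) plus expiry.
_used_nonces = set()


def _sign(nonce: str, session_id: str) -> bytes:
    """HMAC over session id and nonce, so a token only works for its session."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_token(session_id: str) -> str:
    """Value for the hidden form field, generated when the page is created."""
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_sign(nonce, session_id).decode()}"


def accept_submission(token: str, session_id: str) -> str:
    """Return 'ok', 'invalid' or 'duplicate' for a submitted token."""
    nonce, sep, sig = token.partition(".")
    # Compare as bytes: compare_digest rejects non-ASCII str input.
    if not sep or not hmac.compare_digest(sig.encode(), _sign(nonce, session_id)):
        return "invalid"        # not generated by this server for this session
    if nonce in _used_nonces:
        return "duplicate"      # already processed: abort
    _used_nonces.add(nonce)     # record before running the real handler
    return "ok"


if __name__ == "__main__":
    field = issue_token("session-A")                # constructed sample session id
    print(accept_submission(field, "session-A"))    # first submit
    print(accept_submission(field, "session-A"))    # double click / resubmit
    print(accept_submission("1.forged", "session-A"))
```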